From 2c5377c107dde03951f3ed4dc541246fba019695 Mon Sep 17 00:00:00 2001 From: Denys Dmytriyenko Date: Tue, 5 Jul 2022 19:11:37 +0000 Subject: [PATCH] applaunchd: update and install agl-app@ template and sandboxing configs The new applaunchd adds systemd_manager that allows launching apps as systemd services in a sandboxed environment. And dbus_activation_manager is deprecated. * Update SRCREV for the new code * Bump version to indicate a major change * Install supporting config files * Add build dependency on systemd * Add runtime dependency on polkit rule to manage agl-app@ services Bug-AGL: SPEC-4466 Signed-off-by: Denys Dmytriyenko Change-Id: I01b0247d18be8d97b4ea2866d161cffbda8f9155 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27752 Reviewed-by: Marius Vlad Reviewed-by: Jan-Simon Moeller Reviewed-by: Scott Murray Tested-by: Jenkins Job builder account --- .../applaunchd/applaunchd/agl-app@.service | 8 +++++++ .../applaunchd/applaunchd/no-network.conf | 2 ++ .../applaunchd/applaunchd/private-tmp.conf | 2 ++ .../recipes-core/applaunchd/applaunchd_git.bb | 26 +++++++++++++++++----- 4 files changed, 33 insertions(+), 5 deletions(-) create mode 100644 meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service create mode 100644 meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf create mode 100644 meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service b/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service new file mode 100644 index 000000000..c8361fa0a --- /dev/null +++ b/meta-app-framework/recipes-core/applaunchd/applaunchd/agl-app@.service @@ -0,0 +1,8 @@ +[Unit] +Description=Sandboxed %I + +[Service] +Type=simple +User=agl-driver +ExecStart=%i +Environment=XDG_RUNTIME_DIR=/run/user/1001/ diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf b/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf new file mode 100644 index 000000000..c7c4f8a31 --- /dev/null +++ b/meta-app-framework/recipes-core/applaunchd/applaunchd/no-network.conf @@ -0,0 +1,2 @@ +[Service] +PrivateNetwork=true diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf b/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf new file mode 100644 index 000000000..0bdba7c99 --- /dev/null +++ b/meta-app-framework/recipes-core/applaunchd/applaunchd/private-tmp.conf @@ -0,0 +1,2 @@ +[Service] +PrivateTmp=yes diff --git a/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb b/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb index 2457b67d1..5c2036a78 100644 --- a/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb +++ b/meta-app-framework/recipes-core/applaunchd/applaunchd_git.bb @@ -8,21 +8,37 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=ae6497158920d9524cf208c09cc4c984" DEPENDS = " \ glib-2.0 \ glib-2.0-native \ + systemd \ " -PV = "1.0+git${SRCPV}" +PV = "2.0+git${SRCPV}" SRC_URI = " \ - git://gerrit.automotivelinux.org/gerrit/src/applaunchd;protocol=https;branch=${AGL_BRANCH} \ - " -SRCREV = "c84836ec5ddaf2d0e91c46713475c35652bb540f" + git://gerrit.automotivelinux.org/gerrit/src/applaunchd;protocol=https;branch=${AGL_BRANCH} \ + file://agl-app@.service \ + file://no-network.conf \ + file://private-tmp.conf \ +" +SRCREV = "efbd734aca8b813710d7564d79696b1cf150a88c" -S = "${WORKDIR}/git" +S = "${WORKDIR}/git" inherit meson pkgconfig +do_install:append() { + # Install generic template for all agl-app services + mkdir -p ${D}${sysconfdir}/systemd/system/ + install -m 644 ${WORKDIR}/agl-app@.service ${D}${sysconfdir}/systemd/system/ + + # Install individual sandboxing overrides/drop-ins to be used by apps + mkdir -p ${D}${sysconfdir}/systemd/sandboxing/ + install -m 644 ${WORKDIR}/no-network.conf ${D}${sysconfdir}/systemd/sandboxing/ + install -m 644 ${WORKDIR}/private-tmp.conf ${D}${sysconfdir}/systemd/sandboxing/ +} + FILES:${PN} += " ${datadir}/dbus-1/" RDEPENDS:${PN} += " \ agl-session \ + polkit-rule-agl-app \ " -- 2.16.6